apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "wordpress-nginx.fullname" . }}-nginx-config
  labels:
    {{- include "wordpress-nginx.labels" . | nindent 4 }}
data:
  default.conf: |
    upstream php-fpm {
        server 127.0.0.1:9000;
    }

    # Ingress/LBからのリアルIPを取得
    map $http_x_forwarded_for $real_ip {
        ~^(\d+\.\d+\.\d+\.\d+) $1;
        default $remote_addr;
    }

    # プロトコル判定（HTTP or HTTPS）
    map $http_x_forwarded_proto $fastcgi_https {
        default '';
        https on;
    }

    server {
        listen 80;
        server_name _;
        root /var/www/html;
        index index.php index.html;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        client_max_body_size 64M;

        # リアルIP設定
        real_ip_header X-Forwarded-For;
        set_real_ip_from 10.0.0.0/8;
        set_real_ip_from 172.16.0.0/12;
        set_real_ip_from 192.168.0.0/16;
        real_ip_recursive on;

        # WordPress Multisite対応
        if (!-e $request_filename) {
            rewrite /wp-admin$ $scheme://$host$request_uri/ permanent;
            rewrite ^(/[^/]+)?(/wp-.*) $2 last;
            rewrite ^(/[^/]+)?(/.*\.php) $2 last;
        }

        # PHP処理（最優先）
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass php-fpm;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            
            # HTTPSリバースプロキシ対応
            fastcgi_param HTTPS $fastcgi_https;
            fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto;
            fastcgi_param HTTP_X_FORWARDED_FOR $http_x_forwarded_for;
            fastcgi_param HTTP_X_FORWARDED_HOST $http_x_forwarded_host;
            fastcgi_param HTTP_X_REAL_IP $real_ip;
            fastcgi_param REMOTE_ADDR $real_ip;
            fastcgi_param SERVER_PORT $http_x_forwarded_port;
            
            fastcgi_buffering off;
            fastcgi_read_timeout 300;
        }

        location / {
            try_files $uri $uri/ /index.php?$args;
        }
        
        # WordPress管理画面
        location ~ ^/(wp-admin|wp-login\.php) {
            try_files $uri $uri/ /index.php?$args;
        }
        
        # パーマリンク対応（投稿・固定ページ）
        location ~ ^/(.+)$ {
            try_files $uri $uri/ /index.php?$args;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
            expires max;
            log_not_found off;
            access_log off;
            add_header Cache-Control "public, immutable";
        }

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }
    }